Proactive Solutions to Prevent Business Email Compromise

In 2018, 71% of all targeted attacks started with a spear phishing attempt. Spear phishing is a long-used, targeted scam: attackers research your habits, the organizations you trust, your colleagues and any other personal detail they can find to craft an email you are more likely to act on. A successful phishing attack can lead to ransomware, CEO fraud and even total business compromise. But even the oldest trick in the book can be blunted with proactive security & training.

Depending on how much training and awareness your employees have, it is likely that your company identified, or fell victim to, one of these attempts in 2018. Could that attempt have been prevented by minor security changes? Probably. It doesn’t take much to stop a scam email from ever reaching an inbox, which lowers the chance of that link being clicked altogether. Generally, there are several tiers of security strategy that can be implemented, and the more data you hold and depend on, the more of those tiers you should have in place.

Regular Training

Your end users are your weakest link. One click on a bad email can cause a domino effect across your whole network. Regular user training is critical, not just after an incident has occurred. Users should be looking at email content, links and attachments for suspicious material, not just the ‘from’ address & contact details. Emails targeted at your organization will look authentic, so your users need to be able to identify scam emails, or at least be conscious of the red flags, when working through their inbox.

Multi-Factor Authentication

Multi-factor authentication, or MFA/2FA, is the next step to beef up your security and is one of the best proactive security tools you can implement. MFA requires two or more factors drawn from three categories:

Something you know: for example, a password. On its own this is the weakest factor, since it can be phished, guessed or reused, but combined with another factor it becomes much stronger.

Something you have: a physical device in your possession that must approve the login. For example, a phone, smart watch or hardware security key.

Something you are: anything biometric, like a fingerprint, iris or face scan. Biometrics are hard for a remote attacker to imitate, but unlike a password a compromised biometric cannot be changed, so treat it as one strong factor among several rather than a replacement for the others.

Requiring 2 or more of these factors at login means a stolen password alone no longer gets an attacker in: they would also have to obtain or duplicate the second factor. Not all second factors resist phishing equally, though; a one-time code typed into a look-alike login page can be relayed by the attacker in real time, whereas a hardware security key bound to the real site cannot be proxied that way. And implementing MFA after an incident does not undo it: once an attacker has access to an account, they can export the contact list and email history almost instantly. Implement a form of MFA today, before a clicked link turns into a breach.
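To make the “something you know” plus “something you have” combination concrete, here is an added example (not code from the original article) of a login check that only succeeds when both a password and a time-based one-time code from the user’s phone are correct. The user record, salt, password and TOTP secret are constructed for the demo; the secret is the RFC 6238 test-vector key so the codes can be checked against the published vectors.

```python
# Added example: password + TOTP verification in pure Python (RFC 4226 / RFC 6238).
# Not code from the original article; the user record below is constructed.
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP over the current 30-second window."""
    if at is None:
        at = time.time()
    return hotp(key, int(at // step), digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the server stores only this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record (hypothetical; a real system keeps this server-side).
_SALT = b"demo-salt-not-secret"
USER_DB = {
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector key
    }
}


def verify_login(username: str, password: str, code: str,
                 at: Optional[float] = None) -> bool:
    """Accept only when BOTH factors check out; a stolen password alone fails."""
    user = USER_DB.get(username)
    if user is None:
        return False
    if at is None:
        at = time.time()
    # Factor 1: something you know (constant-time compare of the stored hash).
    know_ok = hmac.compare_digest(hash_password(password, _SALT), user["pw_hash"])
    # Factor 2: something you have. Accept the current window and one step either
    # side for clock drift. A production verifier also rejects a code that was
    # already accepted in this window, so a captured code cannot be replayed.
    have_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], at + drift), code)
        for drift in (-30, 0, 30)
    )
    # Evaluate both factors before deciding, so timing does not reveal which failed.
    return know_ok and have_ok


if __name__ == "__main__":
    now = time.time()
    current = totp(USER_DB["alice"]["totp_secret"], now)
    print("password + valid code:", verify_login("alice", "correct horse battery staple", current, now))
    print("password only:        ", verify_login("alice", "correct horse battery staple", "000000", now))
```

The point of the example is the last two lines: the same correct password is rejected when the code from the phone is missing or wrong, which is exactly what stops a phished password from opening the mailbox.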

Email Policies

Many email providers let account admins set preferences on their email security. Attackers can spoof emails to look like they are coming from your internal domain or a trusted contact, so the recipient trusts the contents of the malicious message. Office 365 checks the ‘from’ address against the email authentication results (SPF, DKIM and DMARC) so that a message claiming to come from your internal domain is rejected or quarantined when it actually arrives from an outside source. This stops an external party from scamming your staff with an internal address. It does not, on its own, stop a genuinely compromised account from mailing its whole contact list; that is what the MFA above is for. Office 365 can also apply ATP, or Advanced Threat Protection, anti-phishing policies. These can protect specific users, such as your executive staff, and your own domains from impersonation, or cover your whole organization; enable mailbox intelligence, which learns each user’s normal contacts to catch impersonation at the user level; and set an advanced phishing threshold that controls how aggressively each email is scored.
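The following is an added example, not Office 365 code, of the two kinds of check the paragraph describes, reduced to a few lines of Python: rejecting a message that claims our own domain but did not authenticate, and flagging a protected executive’s display name or a look-alike of our domain used from some other address. The internal domain, the protected user, and the sample messages with their Authentication-Results headers are all constructed for the demo.

```python
# Added example: simplified anti-spoofing and impersonation checks over message
# headers. Not Office 365 code; domains, names and sample messages are constructed.
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Dict, List, Set

INTERNAL_DOMAINS: Set[str] = {"example.com"}              # assumption: our tenant's domain
# Protected display names (like ATP targeted-user protection) -> the only address
# that may legitimately use that name.
PROTECTED_USERS: Dict[str, str] = {"jane doe": "jane.doe@example.com"}

_AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def auth_results(msg: Message) -> Dict[str, str]:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    These are stamped by our own receiving server, which is why they can be trusted."""
    verdicts: Dict[str, str] = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in _AUTH_RE.findall(header):
            verdicts[method.lower()] = result.lower()
    return verdicts


def normalise_domain(domain: str) -> str:
    """Fold common look-alike substitutions so examp1e.com compares equal to example.com."""
    return domain.lower().replace("rn", "m").replace("1", "l").replace("0", "o").replace("vv", "w")


def classify(raw: str) -> List[str]:
    """Return a list of findings for one raw message; an empty list means clean."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = auth_results(msg)
    findings: List[str] = []

    # Check 1: a message claiming our own domain must have passed DMARC; otherwise
    # an outside party is spoofing an internal address.
    if domain in INTERNAL_DOMAINS and auth.get("dmarc") != "pass":
        findings.append(f"spoofed internal domain {domain} (dmarc={auth.get('dmarc', 'none')})")

    # Check 2: a protected display name used with any other sending address.
    expected = PROTECTED_USERS.get(display.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"impersonation of protected user '{display}' from {addr}")

    # Check 3: a domain that only *looks* like ours (domain impersonation).
    if domain not in INTERNAL_DOMAINS and normalise_domain(domain) in {
        normalise_domain(d) for d in INTERNAL_DOMAINS
    }:
        findings.append(f"look-alike domain {domain}")

    return findings


# Constructed sample messages (headers only matter here).
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Q3 numbers
Authentication-Results: spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass action=none header.from=example.com

Attached.
"""

SPOOFED = """From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Urgent wire transfer
Authentication-Results: spf=fail smtp.mailfrom=mailer.attacker.test; dkim=none; dmarc=fail action=oreject header.from=example.com

Please process today.
"""

IMPERSONATION = """From: Jane Doe <jane.doe.ceo@webmail.test>
To: bob@example.com
Subject: Are you at your desk?
Authentication-Results: spf=pass smtp.mailfrom=webmail.test; dkim=pass header.d=webmail.test; dmarc=pass action=none header.from=webmail.test

Need a favour, reply fast.
"""

LOOKALIKE = """From: Accounts Payable <ap@examp1e.com>
To: bob@example.com
Subject: Updated bank details
Authentication-Results: spf=pass smtp.mailfrom=examp1e.com; dkim=pass header.d=examp1e.com; dmarc=pass action=none header.from=examp1e.com

Please update our account on file.
"""

if __name__ == "__main__":
    for name, raw in [("LEGIT", LEGIT), ("SPOOFED", SPOOFED),
                      ("IMPERSONATION", IMPERSONATION), ("LOOKALIKE", LOOKALIKE)]:
        print(name, classify(raw) or ["clean"])
```

Note that the IMPERSONATION and LOOKALIKE samples pass SPF, DKIM and DMARC for the domains they really came from; authentication alone says nothing about a sender who owns a different domain, which is why the impersonation checks are a separate layer from the spoofing check.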

Internal Security Audit

If you’re having repeated issues with phishing attacks and fraud emails, it may be time to rethink your strategy. Whether internal or outsourced, having an experienced security team evaluate your environment, run tests and find the weak links is one of the most valuable options you have.

Avoidance will not make the problem go away, and as attacks get smarter, your data is more at risk. Small to medium sized businesses are the most at risk of total business compromise, and some never recover from a breach or loss of data. Start implementing proactive security solutions today to keep your data secure and avoid an incident that minimal effort could have prevented.


Sources

https://interactive.symantec.com/ISTR?CID=70138000001MD17AAG

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies

Infotect Web Admin